Random traffic outage when a fail-over occurs in 3rd party Cluster in the following topology:
[Check Point machine on Gaia OS / SecurePlatform OS] --- [3rd party Cluster, e.g., Citrix NetScaler cluster]
Traffic capture on Check Point machine during the 3rd party Cluster fail-over shows the following chain of events:
Traffic is sent from Check Point machine to 3rd party Cluster to the correct MAC Address
Fail-over occurs in 3rd party Cluster
3rd party Cluster sends Gratuitous ARP frames (either GARP Reply, or GARP Request) to announce a new MAC Address associated with 3rd party Cluster
Check Point machine keeps sending traffic to the previous MAC Address of 3rd party Cluster (the new announced MAC Address is "ignored")
Output of Clish command "show arp dynamic all", or Expert mode command "arp -a" after 3rd party Cluster fail-over shows that the new announced MAC Address of 3rd party Cluster is not added to the ARP table.
Setting the value of "/proc/sys/net/ipv4/conf/all/arp_accept" to 1 in Gaia OS / SecurePlatform OS kernel resolves the issue only if 3rd party Cluster sends Gratuitous ARP frames of type "Gratuitous ARP Reply" (ARP OpCode = 2):
[Expert@HostName]# /sbin/sysctl -w net.ipv4.conf.all.arp_accept=1
Gratuitous ARP frames are discarded by Gaia OS / SecurePlatform OS kernel.
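To tell which kind of Gratuitous ARP the 3rd party Cluster sends during fail-over, the raw frames from the traffic capture can be classified by ARP OpCode. The following is an added example, not Check Point code: the function names, the sample MAC address and the IP 192.0.2.10 are assumptions, and the frames are constructed test data rather than a real capture.

```python
import socket
import struct

def classify_arp(frame: bytes):
    """Classify an Ethernet frame; None if it is not IPv4-over-Ethernet ARP."""
    offset = 12
    if frame[offset:offset + 2] == b"\x81\x00":   # skip one 802.1Q VLAN tag
        offset += 4
    if len(frame) < offset + 30 or frame[offset:offset + 2] != b"\x08\x06":
        return None
    arp = frame[offset + 2:offset + 30]
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", arp[8:28])
    gratuitous = spa == tpa          # GARP announces the sender's own IP
    if gratuitous and opcode == 2:
        kind = "GARP Reply"
    elif gratuitous and opcode == 1:
        kind = "GARP Request"
    else:
        kind = "ordinary ARP"
    return {
        "kind": kind,
        "ip": socket.inet_ntoa(spa),
        "mac": sha.hex(":"),
        # Per the article, arp_accept=1 helps only for GARP Reply (OpCode 2).
        "arp_accept_sufficient": kind == "GARP Reply",
    }

def build_arp(opcode, mac, ip, target_mac):
    """Construct a sample gratuitous ARP frame (test data, not a capture)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    tha = bytes.fromhex(target_mac.replace(":", ""))
    addr = socket.inet_aton(ip)
    eth = b"\xff" * 6 + sha + b"\x08\x06"         # broadcast dst, ARP EtherType
    return eth + struct.pack("!HHBBH6s4s6s4s",
                             1, 0x0800, 6, 4, opcode, sha, addr, tha, addr)

# Constructed samples: the IP and MAC are documentation placeholders.
SAMPLES = [
    build_arp(2, "02:00:00:aa:bb:02", "192.0.2.10", "ff:ff:ff:ff:ff:ff"),
    build_arp(1, "02:00:00:aa:bb:02", "192.0.2.10", "00:00:00:00:00:00"),
]

if __name__ == "__main__":
    for frame in SAMPLES:
        print(classify_arp(frame))
```

If the frames seen at fail-over classify as "GARP Request", the arp_accept setting alone does not resolve the issue, as described above.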